Question 1 Topic 5, Case Study 5Case Study Question View Case
HOTSPOT
You need to meet the connection requirements for the New York office.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Box 1: Create a virtual network gateway and a local network gateway.
Azure VPN gateway. The VPN gateway service enables you to connect the VNet to the on-premises network through a VPN
appliance. For more information, see Connect an on-premises network to a Microsoft Azure virtual network. The VPN
gateway includes the following elements:
Virtual network gateway. A resource that provides a virtual VPN appliance for the VNet. It is responsible for routing traffic
from the on-premises network to the VNet.
Local network gateway. An abstraction of the on-premises VPN appliance. Network traffic from the cloud application to the
on-premises network is routed through this gateway.
Connection. The connection has properties that specify the connection type (IPSec) and the key shared with the on-
premises VPN appliance to encrypt traffic.
Gateway subnet. The virtual network gateway is held in its own subnet, which is subject to various requirements,
described in the Recommendations section below.
Box 2: Configure a site-to-site VPN connection
On premises create a site-to-site connection for the virtual network gateway and the local network gateway.
Scenario: Connect the New York office to VNet1 over the Internet by using an encrypted connection.
Incorrect Answers:
Azure ExpressRoute: Established between your network and Azure, through an ExpressRoute partner. This connection is
private. Traffic does not go over the internet.
Reference:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/vpn
Configure and manage virtual networking
Comments
Question 2 Topic 6, Case Study 6Case Study Question View Case
HOTSPOT
You need to recommend a solution for App1. The solution must meet the technical requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
This reference architecture shows how to deploy VMs and a virtual network configured for an N-tier application, using SQL
Server on Windows for the data tier.
Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers:
A SQL database
A web front end
A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Technical requirements include:
Move all the virtual machines for App1 to Azure.
Minimize the number of open ports between the App1 tiers.
Reference:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/n-tier/n-tier-sql-server
Monitor and back up Azure resources
Comments
Question 3 Topic 6, Case Study 6Case Study Question View Case
You are planning the move of App1 to Azure.
You create a network security group (NSG).
You need to recommend a solution to provide users with access to App1.
What should you recommend?
- A. Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.
- B. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.
- C. Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets.
- D. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.
Answer:
A
Explanation:
Incoming and the web server subnet only, as users access the web front end by using HTTPS only.
Note Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers:
A SQL database
A web front end
A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Comments
Question 4 Topic 7, Case Study 7Case Study Question View Case
You need to ensure that VM1 can communicate with VM4. The solution must minimize administrative effort.
What should you do?
- A. Establish peering between VNET1 and VNET3.
- B. Assign VM4 an IP address of 10.0.1.5/24.
- C. Create a user-defined route from VNET1 to VNET3.
- D. Create an NSG and associate the NSG to VM1 and VM4.
Answer:
A
Explanation:
We need a VPN site-to-site to communicate between Azure and on-premises.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal
Comments
Question 5 Topic 7, Case Study 7Case Study Question View Case
HOTSPOT
You implement the planned changes for NSG1 and NSG2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Box 1: No
NSG2 blocks RDP to VM2
Box 2: Yes
ICMP is not blocked
Box 3: No
NSG2 blocks RDP from VM2
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works
Comments
Question 6 Topic 8, Case Study 8Case Study Question View Case
HOTSPOT
You need to implement Role1.
Which command should you run before you create Role1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Comments
Question 7 Topic 8, Case Study 8Case Study Question View Case
You need to recommend a solution to automate the configuration for the finance department users. The solution must meet
the technical requirements.
What should you include in the recommendation?
- A. Azure AD B2C
- B. dynamic groups and conditional access policies
- C. Azure AD Identity Protection
- D. an Azure logic app and the Microsoft Identity Management (MIM) client
Answer:
B
Explanation:
Scenario: Ensure Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
The recommendation is to use conditional access policies that can then be targeted to groups of users, specific applications,
or other conditions.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates
Comments
Question 8 Topic 9, Mixed Questions
Your company has serval departments. Each department has a number of virtual machines (VMs).
The company has an Azure subscription that contains a resource group named RG1.
All VMs are located in RG1.
You want to associate each VM with its respective department.
What should you do?
- A. Create Azure Management Groups for each department.
- B. Create a resource group for each department.
- C. Assign tags to the virtual machines.
- D. Modify the settings of the virtual machines.
Answer:
C
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags
Comments
Question 9 Topic 9, Mixed Questions
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a
distinctive result. Establish if the solution satisfies the requirements.
Your company has an Azure Active Directory (Azure AD) subscription.
You want to implement an Azure AD conditional access policy.
The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and
an Azure AD-joined device when they connect to Azure AD from untrusted locations.
Solution: You access the multi-factor authentication page to alter the user settings.
Does the solution meet the goal?
- A. Yes
- B. No
Answer:
B
Comments
Question 10 Topic 9, Mixed Questions
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a
distinctive result. Establish if the solution satisfies the requirements.
Your company has an Azure Active Directory (Azure AD) subscription.
You want to implement an Azure AD conditional access policy.
The policy must be configured to require members of the Global Administrators group to use Multi-Factor Authentication and
an Azure AD-joined device when they connect to Azure AD from untrusted locations.
Solution: You access the Azure portal to alter the session control of the Azure AD conditional access policy.
Does the solution meet the goal?
- A. Yes
- B. No
Answer:
B
Comments
Page 1 out of 34
Viewing questions 1-10 out of 346
page 2